- The only sure way to prevent SQL Injection attacks is input validation and parameterized queries, including prepared statements.
- Application code should never use the input directly.
- The developer must sanitize all input, not only web form inputs such as login forms.
Shathana. S.R. Answered question
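Added example (not part of the answer above, and not the questioner's or answerer's code): a login lookup written twice, once by concatenating the user's input into the SQL text and once with a parameterized query, run against a constructed in-memory SQLite table so the difference is visible. It also includes an allow-list validator for the username field as the "input validation" half of the answer. The table, sample users and regex are assumptions made for the demo.

```python
import re
import sqlite3

# Constructed sample data for the demo; not taken from any real system.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]

# Allow-list for usernames (an assumed policy: letters, digits, underscore, 1-32 chars).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def setup_db():
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Unsafe: user input is spliced straight into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Safe: placeholders bind the values separately from the SQL text, so a
    quote or comment marker in the input can never change the query structure."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def validate_username(username):
    """Allow-list check; reject anything outside the expected character set."""
    return USERNAME_RE.fullmatch(username) is not None


def demo():
    """Run both queries against classic injection payloads."""
    conn = setup_db()
    tautology = "' OR '1'='1"      # turns the WHERE clause into ... OR '1'='1'
    comment_out = "alice'--"       # closes the string and comments out the rest
    return {
        "vuln_tautology": login_vulnerable(conn, "nobody", tautology),   # every row
        "safe_tautology": login_safe(conn, "nobody", tautology),         # no row
        "vuln_comment": login_vulnerable(conn, comment_out, "wrong"),    # alice, no password
        "safe_comment": login_safe(conn, comment_out, "wrong"),          # no row
        "validated": [validate_username(u) for u in ("alice", tautology, comment_out)],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The tautology payload makes the concatenated query return both users, and the comment payload logs in as alice without a password; the parameterized version treats the same strings as literal values and matches nothing. Validation on its own is not the fix (a free-text field such as a comment cannot be allow-listed this tightly), which is why the answer pairs it with parameterized queries.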
